developer-advocacy
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the agent to read and process content from a local file, creating a surface for indirect prompt injection.
  - Ingestion points: SKILL.md instructs the agent to read the file '.agents/developer-audience-context.md' to determine audience information and product positioning.
  - Boundary markers: The skill lacks explicit boundary markers or instructions that would tell the agent to ignore any embedded commands or instructions found within the ingested context file.
  - Capability inventory: No executable scripts or tool definitions are provided within the skill's own files, which mitigates the risk of immediate malicious action, though the agent's general environment may still be vulnerable.
  - Sanitization: There are no instructions or mechanisms provided to sanitize or validate the content of the external context file before processing.
Audit Metadata